← threatfilter.dev / all groups / Inception

Inception

G0100 Russia Espionage MITRE ATT&CK →

Also known as: Inception Framework · Cloud Atlas

Overview

Inception is a cyber espionage group active since at least 2014. The group has targeted multiple industries and governmental entities primarily in Russia, but has also been active in the United States and throughout Europe, Asia, Africa, and the Middle East.

Targets

Government · Private sector

Regions

Afghanistan · Armenia · Azerbaijan · Belarus · Belgium · Czech Republic · Greece · India · Iran · Italy · Kazakhstan · Kenya · Malaysia · Russia · South Africa · Suriname · Turkmenistan · Ukraine · United Kingdom · United States · Vietnam

Capabilities

Exploitation of public-facing / client applications — ATT&CK T1203

TTPs — 22 techniques across 9 tactics

Resource Development

T1588.002 Tool

Discovery

Collection

T1005 Data from Local System

Command and Control

T1071.001 Web Protocols
T1090.003 Multi-hop Proxy
T1102 Web Service
T1573.001 Symmetric Cryptography

Tools & malware (3)

PowerShower · VBShower · LaZagne

Reporting (3)

Inception Attackers Target Europe with Year-old Office Vulnerability — Lancaster, T
Inception Framework: Alive and Well, and Hiding Behind Proxies — Symantec
Cloud Atlas: RedOctober APT is back in style — GReAT

Overview

Targets

Regions

Capabilities

TTPs — 22 techniques across 9 tactics

Resource Development

Initial Access

Execution

Persistence

Stealth

Credential Access

Discovery

Collection

Command and Control

Tools & malware (3)

Reporting (3)